US 20050076140 A1
A broadcast storm caused by a topology loop may result from end-user misconfiguration, faulty ports, cabling problems, faulty spanning-tree algorithm implementations, and other causes. This loop detection mechanism helps detect topology loops and eliminates them. It operates as a watchdog independent of the spanning-tree algorithm. The feature aims at enhancing the values of SO-LOS.
1. A topology loop detection mechanism, for a network, comprising:
sending out a loop detection frame; and
detecting a topology loop.
2. The topology loop detection mechanism as recited in
a Destination Media Access Control (DMAC) address; and
a Source Media Access Control (SMAC) address.
3. The topology loop detection mechanism as recited in
4. The topology loop detection mechanism as recited in
5. The topology loop detection mechanism as recited in
6. The topology loop detection mechanism as recited in
7. The topology loop detection mechanism as recited in
8. The topology loop detection mechanism as recited in
9. The topology loop detection mechanism as recited in
a terminator, for signifying an end of a message and extending the loop detection frame to a particular size and byte alignment;
a port identifier, for determining whether the local switch is part of the topology loop or the topology loop resides remotely;
a VLAN identifier, for the loop detection frame's originator not being identified because the VLAN or its derived information is not available to a loop detection software module;
a switch identifier, for the loop detection frame's originator not being identified from the DMAC address or the SMAC address;
a timestamp, for identifying how long the loop detection frame has lingered, being against a replay attack; and
a checksum, for authenticating the loop detection frame, being against a faked loop detection frame from interfering with the network.
10. The topology loop detection mechanism as recited in
a transmission procedure;
a reception and forwarding procedure;
an analysis procedure; and
an action procedure.
11. The topology loop detection mechanism as recited in
a first transmission algorithm, emphasizing the balance between fast detection, non-excessive load, and fairness to all the VLANs or a plurality of ports, comprising:
all the ports of the local switch being candidates for the transmission of the loop detection frame every second, and
sending out the loop detection frame on the VLANs under test on each port which are in forwarding states, for up to fifty such VLANs, which are treated fairly; and
a second transmission algorithm, comprising:
all the VLANs of the local switch in action being candidates for loop detection transmission every second, and
sending one loop detection frame on all the ports in the topology in action of the VLAN, for up to fifty of the VLANs.
12. The topology loop detection mechanism as recited in
13. The topology loop detection mechanism as recited in
receiving the loop detection frame on a forwarding port on the topology in action,
the local switch forwarding the loop detection frame unmodified to all other ports on the topology in action if it does not originate the frame, and
discarding the loop detection frame and not forwarding the loop detection frame further when the local switch receives the loop detection frame on a blocking port.
14. The topology loop detection mechanism as recited in
determining the topology loop if the port originating the loop detection frame and the port receiving the loop detection frame are both in forwarding states;
the local switch being part of the topology loop if the ports are different ports; and
the topology loop residing remotely if the ports are the same port.
15. The topology loop detection mechanism as recited in
blocking the port originating the loop detection frame if a unidirectional link occurs;
alarming the end-user to implement a remedy if detecting a remote topology loop; and
resuming operation automatically after a timer expiry.
16. The topology loop detection mechanism as recited in
17. The topology loop detection mechanism as recited in
18. The topology loop detection mechanism as recited in
19. The topology loop detection mechanism as recited in
20. The topology loop detection mechanism as recited in
21. The topology loop detection mechanism as recited in
22. The topology loop detection mechanism as recited in
23. The topology loop detection mechanism as recited in
24. The topology loop detection mechanism as recited in
25. The topology loop detection mechanism as recited in
26. The topology loop detection mechanism as recited in
1. Field of the Invention
The present invention relates to mechanism of detecting topology loop in a network. More particularly, the present invention relates to detecting topology loop independently of other devices in a network.
2. Description of Related Art
A broadcast storm is the non-stop circulation of broadcast packets, and multicast packets as well, by interconnected Local Area Network (LAN) switches. The circulation is due to the presence of a network topology loop, that is, the presence of forwarding redundant paths, and due to the nature of LAN switching, which forwards received broadcast packets without considering the 'age' of the packets. A broadcast storm is evil in that it consumes network bandwidth uselessly and may keep some hosts busy handling the replicated traffic. Thus a loop detection scheme is needed for eliminating broadcast storms in a LAN switching system. The switch running loop detection should forward the frame to the CPU to analyze it for loop detection if it originates the frame; that is accomplished using programmed entries in the switch's L2 forwarding table, directing frames destined to the originator-identifiable MAC address (such as the switch MAC with the I/G bit set) to the CPU.
One of the loop detection schemes is the Spanning-Tree Protocol (STP), which is meant to derive a loop-free network topology. Normally STP is enabled. However, a network topology loop can still result in some circumstances such as the following:
1. The STP implementations may be faulty and sometimes fail to derive a loop-free topology.
2. The port hardware may be faulty in such a way that it does not respond correctly to actions from STP.
3. STP may be disabled, intentionally or unintentionally, on the local switch or on the remote switches, or on some ports. End-users may then mistakenly operate the switches without verifying that the topology is loop-free.
4. The port hardware may be faulty in such a way that either the transmission or the reception of packets fails, resulting in unidirectional traffic. Also, a partially broken fiber can result in unidirectional traffic. In that case, STP may innocently move a blocking port to forwarding because the port (or its peer port) does not receive a superior Bridge Protocol Data Unit (BPDU).
5. The IEEE Standard 802.3ad Link Aggregation implementations may be faulty, and frames originated from a link aggregate are forwarded back to the link aggregate.
6. There may be link aggregation mis-configuration: the two sides of the links aggregate the ports differently.
7. Virtual Local Area Network (VLAN) translation may be enabled, intentionally or unintentionally, on the remote switches. End-users may then mistakenly operate the switches without verifying that the topology is loop-free.
8. Bridging between Layer 3 (L3) interfaces is enabled, but the resulting topology is not loop-free.
Accordingly, the invention provides a method of loop detection mechanism where a special multicast frame is sent out on forwarding ports and observed whether the frame will be received on a forwarding port. If there is no topology loop, the frame will be dropped at blocking ports on some remote switches or a local switch. If there is a topology loop, the frame will be received on a forwarding port on the local switch. The local switch is programmed to capture the frame to the CPU for further analysis without further forwarding the frame.
One object of this present invention is to operate a loop detection mechanism outside the Spanning Tree Protocol (STP) mechanism.
Another object of this present invention is to detect loops in the scenarios that STP is not capable of, such as unidirectional links.
Yet another object of this present invention is to consume network bandwidth efficiently, or else the mechanism itself becomes an evil in the network.
Yet another object of this present invention is to make conservative assumptions about remote (or peer) switches: whether they are running a network OS running loop detection, and their capabilities and configurations.
Yet another object of this present invention is to operate below the link aggregation layer.
As embodied and broadly described herein, the invention provides a loop detection mechanism to guard against the topology loop. Based on the above description, the mechanism of this present invention possesses the following qualities to provide a broadcast storm free network:
1. Operating outside the STP mechanism.
2. Detecting loops in the scenarios where even STP cannot work, such as unidirectional links.
3. Consuming relatively little network bandwidth, or else itself being an evil.
4. Not making assumptions about remote (or peer) switches, whether they are running a network OS running loop detection, their capabilities, and their configurations.
5. Operating below the link aggregation layer.
The present invention includes phases described thereafter to achieve the above targets and to implement the objects of the loop detection mechanism.
These and other objects, features and advantages of the present invention will become apparent from the following detailed description of illustrative embodiments thereof, which is to be read in connection with the accompanying drawings.
It is to be understood that both the foregoing general description and the following detailed description are exemplary, and are intended to provide further explanation of the invention as claimed.
The accompanying drawings are included to provide a further understanding of the invention, and are incorporated in and constitute a part of this specification. The drawings illustrate embodiments of the invention and, together with the description, serve to explain the principles of the invention.
The present invention firstly provides the basic idea of a loop detection mechanism: sending a special multicast frame out on the forwarding ports and observing whether the frame will be received on a forwarding port. If there is no topology loop, the frame will be dropped at the blocking ports on some remote switches or the local switch. If there is a topology loop, the frame will be received on a forwarding port on the local switch. The local switch is programmed to capture the frame to the CPU for further analysis without further forwarding the frame. In order to demonstrate one preferred embodiment of this present invention, definitions for this loop detection mechanism of the present invention are described in the following phases, including frame format, transmission, reception and forwarding, analysis, actions, and detection scenarios. Some other considerations and the command line interface are described thereafter.
FRAME FORMAT: The loop detection frame has a frame format as listed in the table of
Another choice for the destination MAC address in one preferred embodiment is the local switch's MAC address with the I/G bit set. The MAC address used as part of the bridge ID in STP can be used here. Such a unique destination MAC address allows the switch originating the frame to capture the frame specifically. The I/G bit is turned on so that the frame is a multicast one, for the same reason as discussed previously. Using such MAC addresses gives the frames no priority treatment, and the frames are more likely (than when using 01-80-c2-00-00-2f, which can let the frames be treated as PDUs with treatment or priority similar to BPDUs) to be dropped in a broadcast storm. Yet the software does not need to be involved in processing the received frames unless they are destined to the local switch's MAC address with the I/G bit set. This property keeps the CPU load low even when a large number of switches are enabled with loop detection. The local switch's MAC address with the I/G bit set can be used as the destination MAC address in one preferred embodiment of this present invention.
The source MAC address of the frame can be the local switch's MAC address (with the I/G bit cleared). The MAC address used as part of the bridge ID in STP can be used here, or it can be the MAC address associated with some L3 interfaces (VLAN interfaces). Notice that remote switches will learn this MAC address in their forwarding tables. Alternatively, the source MAC address of the frame can be the transmitting port's MAC address. Using that can help identify the port originating a frame.
The message field herein consists of a number of Type-Length-Value (TLV) fields. The type sub-field represents the length of the values (in units of bytes) that follow. The value sub-field is optional and, when present, carries the values of the TLV field. The choice of the DMAC is critical in that it must be a multicast address (I/G set) and allow the originator to capture the frame easily. The choice in this preferred embodiment is the switch MAC with I/G set, because the switch MAC can uniquely identify the originator. The capture mechanism is through programming the L2 forwarding table with an entry directing frames destined to that MAC address to the CPU.
Referring to FIGS. 10 to 15, TLVS and the sub-fields thereof are described hereafter.
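The frame layout the claims list (a DMAC with the I/G bit set, an SMAC, and TLVs for port identifier, VLAN identifier, switch identifier, timestamp, checksum and terminator) can be built and validated as follows. This is an added Python example written for this page, not the patent's or any vendor's code. The TLV type codes, the EtherType, the MAC values and the five-second replay window are assumptions, since the page does not give them; the checksum is a plain CRC32, which, as the usage note explains, detects corruption but cannot authenticate a deliberately forged frame.

```python
import struct
import zlib

# Constructed example values (assumptions, not from the patent).
SWITCH_MAC = bytes.fromhex("0012aabbccdd")   # hypothetical local switch MAC, I/G bit clear
ETHERTYPE = 0x88B5                            # hypothetical EtherType for loop detection frames

# TLV type codes (assumed numbering; the page names the fields but not their codes).
TLV_END, TLV_PORT, TLV_VLAN, TLV_SWITCH, TLV_TIMESTAMP, TLV_CHECKSUM = 0, 1, 2, 3, 4, 5
MIN_FRAME = 64   # the terminator pads the frame up to this size and to 4-byte alignment


def multicast_form(mac):
    """Set the I/G bit (least significant bit of the first octet) so the frame is a multicast."""
    return bytes([mac[0] | 0x01]) + mac[1:]


def tlv(t, value=b""):
    """Encode one Type-Length-Value field: 1-byte type, 1-byte length, then the value."""
    return struct.pack("!BB", t, len(value)) + value


def build_frame(switch_mac, port_id, vid, now):
    """Build a loop detection frame originated on port_id for VLAN vid at time now (seconds)."""
    header = multicast_form(switch_mac) + switch_mac + struct.pack("!H", ETHERTYPE)
    body = (tlv(TLV_PORT, struct.pack("!H", port_id))
            + tlv(TLV_VLAN, struct.pack("!H", vid))
            + tlv(TLV_SWITCH, switch_mac)
            + tlv(TLV_TIMESTAMP, struct.pack("!I", int(now))))
    # The checksum covers every byte that precedes it.
    crc = zlib.crc32(header + body) & 0xFFFFFFFF
    body += tlv(TLV_CHECKSUM, struct.pack("!I", crc))
    frame = header + body
    # Terminator: a TLV_END whose value is zero padding up to MIN_FRAME and 4-byte alignment.
    pad = max(MIN_FRAME - (len(frame) + 2), 0)
    pad += (-(len(frame) + 2 + pad)) % 4
    return frame + tlv(TLV_END, b"\x00" * pad)


def parse_frame(frame, now, max_age=5):
    """Decode and validate a frame; raises ValueError on anything a receiver should reject."""
    if len(frame) < 14:
        raise ValueError("runt frame")
    dmac, smac = frame[:6], frame[6:12]
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE:
        raise ValueError("not a loop detection frame")
    if not dmac[0] & 0x01:
        raise ValueError("DMAC must have the I/G bit set")
    fields = {"dmac": dmac, "smac": smac}
    off, crc_off = 14, None
    while off + 2 <= len(frame):
        t, ln = struct.unpack("!BB", frame[off:off + 2])
        val = frame[off + 2:off + 2 + ln]
        if len(val) != ln:
            raise ValueError("truncated TLV")
        if t == TLV_END:
            break
        if t == TLV_PORT:
            fields["port"] = struct.unpack("!H", val)[0]
        elif t == TLV_VLAN:
            fields["vid"] = struct.unpack("!H", val)[0]
        elif t == TLV_SWITCH:
            fields["switch"] = val
        elif t == TLV_TIMESTAMP:
            fields["timestamp"] = struct.unpack("!I", val)[0]
        elif t == TLV_CHECKSUM:
            crc_off = off
            fields["checksum"] = struct.unpack("!I", val)[0]
        off += 2 + ln
    else:
        raise ValueError("missing terminator")
    for key in ("port", "vid", "switch", "timestamp"):
        if key not in fields:
            raise ValueError("missing TLV: " + key)
    if crc_off is None or fields["checksum"] != zlib.crc32(frame[:crc_off]) & 0xFFFFFFFF:
        raise ValueError("checksum mismatch")
    # Timestamp check: a frame that lingered longer than max_age (or comes from the
    # future) is treated as stale, which bounds how long a replayed copy stays useful.
    if not 0 <= int(now) - fields["timestamp"] <= max_age:
        raise ValueError("stale or future timestamp (possible replay)")
    return fields
```

A CRC only protects against accidental corruption; anyone who can craft a frame can also compute its CRC, so the "checksum for authenticating the frame" the claims describe would need to be a keyed MAC (for example an HMAC over the same bytes with a per-switch secret) before it could reject a deliberately faked frame rather than merely a damaged one. The timestamp window likewise only limits replay; it does not identify the sender.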
TRANSMISSION: The transmission introduced in the present invention is described herein. The loop detection frames are sent out on forwarding ports on the assigned VLANs. They can also be sent out on non-forwarding ports.
Topology loop is tested on a per-VLAN basis. Though the STP calculated topology for the VLANs of the same STP instance should be the same, it is desirable to test for a topology loop on each active VLAN. One reason is that the allowed VLANs may vary from port to port. Another reason is that the STP state in hardware is likely to be per-port-per-VLAN.
It would be desirable if sending the loop detection frames out on one port belonging to the VLAN under test were sufficient to detect a topology loop on the VLAN. However, some topology loops are caused by unidirectional links, and always sending loop detection frames out on one port may fail to detect those. For example, referring to
On the other hand, it is desirable to limit the load on the network and the CPU by limiting the number of frames sent out. The slow protocol transmission characteristics described in Annex 43B of IEEE 802.3ad, 2000 specify that the maximum traffic loading is limited to 50 frames per second per port. Using that as a reference, the first transmission algorithm can be as follows:
i. Every second, all ports of the local switch are candidates for loop detection frame transmission.
ii. On each port, send one loop detection frame on each of the VLANs under test which are in forwarding states, for up to 50 such VLANs. Treat all VLANs fairly. For example, use a last-VID-used variable on each port. Send frames on VLANs from last-VID-used on. Then update the variable after transmission. When the variable reaches 4096, set it back to 1.
The above algorithm emphasizes the balance between fast detection, non-excessive load, and fairness to all VLANs or all ports. However, it may not be optimal for implementation because some ASIC switch engines can send to all ports on the same VLAN in one operation. The second transmission algorithm is as follows:
i. Every second, all active VLANs of the local switch are candidates for loop detection transmission.
ii. On each VLAN, send one loop detection frame on all ports in the active topology of the VLAN. Do that for up to 50 VLANs. Use a global last-VID-used variable to help rotate through all active VLANs.
This algorithm may result in some ports not sending any loop detection frame for some time. The worst case is about 80 (4096/50) seconds. However, in practice there are a small number (likely to be fewer than 50) of active VLANs on the switch.
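Both transmission algorithms, and the worst-case detection interval the text derives from the second one, can be written down as schedulers that run once per second. This is an added Python example, not code from the patent; the data structures (a per-port set of forwarding VLANs for the first algorithm, a per-VLAN set of active-topology ports for the second) and the function names are assumptions chosen to make the rotation explicit.

```python
import math

MAX_VID = 4095           # usable VLAN IDs are 1..4095; the page's counter wraps at 4096 back to 1
FRAMES_PER_SECOND = 50   # per-port ceiling the page takes from IEEE 802.3ad Annex 43B


def per_port_schedule(forwarding_vlans, last_vid_used):
    """First algorithm. forwarding_vlans: {port: set of VIDs in forwarding state on that port}.
    last_vid_used: {port: VID} rotation state, updated in place.
    Returns {port: [VIDs to send one frame on this second]} with at most 50 per port."""
    plan = {}
    for port, vids in forwarding_vlans.items():
        sent = []
        vid = last_vid_used.get(port, 1)
        for _ in range(MAX_VID):            # at most one full rotation through the VID space
            if len(sent) == FRAMES_PER_SECOND:
                break
            if vid in vids:
                sent.append(vid)
            vid += 1
            if vid == MAX_VID + 1:          # "when the variable reaches 4096, set it back to 1"
                vid = 1
        last_vid_used[port] = vid           # next second resumes where this one stopped
        plan[port] = sent
    return plan


def per_vlan_schedule(active_topology, last_vid_used):
    """Second algorithm. active_topology: {VID: set of ports in that VLAN's active topology}.
    last_vid_used is a single global VID. Returns (plan, new_last_vid_used) where plan is
    {VID: sorted ports} for up to 50 VLANs, each sent in one flood operation."""
    plan = {}
    vid = last_vid_used
    for _ in range(MAX_VID):
        if len(plan) == FRAMES_PER_SECOND:
            break
        if vid in active_topology:
            plan[vid] = sorted(active_topology[vid])
        vid += 1
        if vid == MAX_VID + 1:
            vid = 1
    return plan, vid


def worst_case_interval(active_vlan_count):
    """Seconds between two visits of the same VLAN under the second algorithm:
    with 50 VLANs served per second, about 4096/50 (the page's ~80 s) when all VIDs are active."""
    return max(1, math.ceil(active_vlan_count / FRAMES_PER_SECOND))
```

With fewer than 50 active VLANs both schedulers cover every VLAN every second, which is the common case the text expects; the worst-case figure only matters when a switch carries far more VLANs than the per-second budget.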
RECEPTION AND FORWARDING: When a conventional switch or a switch in the present invention with loop detection disabled receives a loop detection frame on a port on the active topology, it should forward the frame unmodified to all other ports on the active topology.
When a switch with loop detection enabled receives a loop detection frame on a port on the active topology (a forwarding port), the switch should forward the frame unmodified to all other ports on the active topology if it does not originate the frame. The switch should forward the frame to the CPU to analyze it for loop detection if it originates the frame. When the switch receives a loop detection frame on a blocking port, it may discard the frame and should not forward the frame further.
When the switch receives a loop detection frame on a port on the active topology, but the frame's assigned VID is different from the originating VID, the switch should forward the frame unmodified to all other ports on the active topology of the assigned VID. Receiving such a loop detection frame has not proven the existence of a topology loop; forwarding the frame on the assigned VID further explores the possibility of a topology loop. This forwarding rule is considered optional, but without it some loops cannot be detected, as described afterwards in the detection phase.
ANALYSIS: A switch with loop-detection enabled should perform loop detection analysis on a frame on a port on the active topology originated from the switch itself. In that case, it is likely that there is or was a topology loop.
To be conservative (reducing false positives), the loop detection software module should check the port states again. If the port originating the frame and the port receiving the frame are both in forwarding state, then there is a topology loop. If the two ports are in fact different ports, then the local switch is part of the topology loop (such as illustrated in
For example, referring to
ACTIONS: Once a topology loop is detected, end-users should be notified to remedy the situation. If possible the switch should automatically stop the loop.
When the detecting switch is part of the topology loop, it can stop the loop by suspending the port to take it out of STP's control and setting the port state to blocking. There are two choices of which port to block: the port originating the frame, and the port receiving the frame. The former shall be blocked because that could be the source of the problem in the unidirectional link case. For example, in
When a switch detects a remote loop, the switch cannot stop the loop. The switch should alarm the end-users to implement the remedy. The loop detection frame that triggers the detection may be replicated many times by the loop. The switch should block these frames from burdening the CPU. Such block can be removed after a timer expiry, e.g. 3 minutes, so that end-users can be warned again if the loop persists.
Ideally, a remote loop can be stopped soon and automatically. However, the remote switches causing the loop cannot be identified in the loop detection frame. It is noted that the loop detection mechanism is designed not to rely on the cooperation of remote switches. Other mechanisms outside the scope of this loop detection mechanism can be used to stop a remote loop.
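The reception and forwarding rules, the analysis step and the two actions described above fit together as one per-switch decision routine. This is an added Python example for this page, not the patent's code or any product's implementation: the port state table, the per-port VLAN membership, the decoded-frame dictionary and the method names are assumptions, and the 180-second suppression timer follows the "e.g. 3 minutes" in the text.

```python
FORWARDING, BLOCKING = "forwarding", "blocking"


class LoopDetector:
    """Loop detection state for one switch.
    port_state: {port: FORWARDING | BLOCKING}, the STP state table (constructed here; a real
    switch reads it from STP).  port_vlans: {port: set of VIDs carried on that port}."""

    def __init__(self, switch_mac, port_state, port_vlans, suppress_seconds=180):
        self.switch_mac = switch_mac
        self.port_state = port_state
        self.port_vlans = port_vlans
        self.suppress_seconds = suppress_seconds   # the page suggests e.g. 3 minutes
        self.suppressed_until = {}                 # vid -> time when remote-loop alarms resume
        self.events = []                           # detections recorded for the end-user

    def active_ports(self, vid, exclude):
        """Ports in the active topology of vid other than the ingress port."""
        return [p for p, st in self.port_state.items()
                if p != exclude and st == FORWARDING and vid in self.port_vlans.get(p, ())]

    def on_receive(self, in_port, in_vid, frame, now):
        """frame is a decoded loop detection frame: {'switch': mac, 'port': id, 'vid': id}.
        in_vid is the VID the frame was assigned on reception. Returns (decision, detail)."""
        if self.port_state.get(in_port, BLOCKING) == BLOCKING:
            return ("discard", None)                   # blocking port: drop, never forward
        if frame["switch"] != self.switch_mac:
            # Not ours: flood unmodified on the other active-topology ports of the assigned VID.
            return ("forward", self.active_ports(in_vid, in_port))
        if in_vid != frame["vid"]:
            # Our own frame came back on a different assigned VID (VLAN translation or L3
            # bridging). Not yet proof of a loop, so keep exploring on the assigned VID.
            return ("forward", self.active_ports(in_vid, in_port))
        return self.analyze(in_port, frame, now)

    def analyze(self, in_port, frame, now):
        origin = frame["port"]
        # Re-check both port states before concluding, to reduce false positives.
        if self.port_state.get(origin) != FORWARDING or self.port_state.get(in_port) != FORWARDING:
            return ("ignore", None)
        if origin != in_port:
            # Two different ports: the local switch is part of the loop. Block the originating
            # port, since that may be the bad side of a unidirectional link.
            self.port_state[origin] = BLOCKING
            self.events.append(("local_loop", frame["vid"], origin, in_port, now))
            return ("block", origin)
        # Same port: the loop is remote and cannot be stopped here. Alarm once, then suppress
        # the replicated copies until the timer expires so the CPU is not burdened.
        if self.suppressed_until.get(frame["vid"], 0) > now:
            return ("suppressed", None)
        self.suppressed_until[frame["vid"]] = now + self.suppress_seconds
        self.events.append(("remote_loop", frame["vid"], in_port, now))
        return ("alarm", in_port)
```

Returning a decision tuple rather than acting directly keeps the policy testable and leaves the actual port suspension and notification to the platform layer; the events list is what an operator or a monitoring system would read to see which VLAN and ports were involved.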
DETECTION SCENARIOS: There are various reasons that result in topology loops. Some scenarios detectable by loop detection mechanism are illustrated herein. It is to be noted that these scenarios are by no means exhaustive, which are described hereafter in at least five phases.
i. STP Related Problems: A topology loop forms when a switch opens up a supposedly blocking port to forwarding. That can be caused by a faulty STP implementation and by port hardware not reacting properly to STP control. It can also be due to the port being configured as forwarding (e.g., STP is disabled on the port, or the port copy feature is turned on) while it is not supposed to be.
ii. Unidirectional Link: Unidirectional links may be caused by port hardware stuck at the transmission logic or at the receiving logic. They may also be caused by partially broken fiber. Referring to
iii. Link Aggregation Related Problems: Topology loops may be formed when two sides of the links have different link aggregation configurations. Referring to
iv. VLAN Translation: VLAN translation when not used carefully can lead to topology loop. Referring to
v. Bridging among L3 Interfaces: Some routers allow bridging of frames among L3 interfaces. Such kind of bridging can change the assigned VLAN of the bridged frames. Topology loop is also possible. Referring to
Deployment: Just for the sake of detecting topology loops, enabling loop detection on one switch is sufficient. However, a detecting switch cannot stop a remote loop. To have the capability in stopping all detected loops, enable loop detection on all switches.
Because remote loops cannot be stopped by a local switch, it is imperative to choose a well-located switch to run loop detection if it is to run on only one switch. A well-located switch is one where there is potentially a topology loop. Such a switch is usually located in the distribution layer.
Normally the uplink ports of an access layer switch lead to the distribution layer switch. Loop detection can be more helpful on the uplink ports than on the edge ports if enabling on all ports is a concern.
CPU load: It may seem preferable to run loop detection on all switches, assuming they support loop detection. In that case, using 01-80-c2-00-00-2f as the destination MAC address of loop detection frames can lead to excessive load on the CPU. It would be more desirable to use the switch MAC address with I/G bit set as the destination MAC address. Some ASIC switch engines can still prioritize the generation of the loop detection frames destined to the switch MAC address, and if there is a topology loop, the frames will be replicated many times. Therefore the likelihood of receiving the loop detection frames and detecting the topology loop may not be significantly less than using 01-80-c2-00-00-2f as the destination MAC address.
Detecting Capability: The loop detection does not guarantee detecting all topology loops though for now all perceivable cases seem covered.
However sound the mechanism seems, it is still possible that the loop detection frames fail to reach the originating switch for various reasons. For example, they can be dropped by broadcast suppression.
If the second loop detection frame transmission algorithm is used, a switch is likely to detect a loop between 1 to 80 seconds.
It will be apparent to those skilled in the art that various modifications and variations can be made to the structure of the present invention without departing from the scope or spirit of the invention. In view of the foregoing, it is intended that the present invention covers modifications and variations of this invention provided they fall within the scope of the following claims and their equivalents.